Capital One Financial Corp. (NYSE: COF) has been hit with one of the harshest data breach fines in history. Regulators at the Treasury’s Office of the Comptroller of the Currency (OCC) fined the bank $80 million for its part in the leak of more than 100 million customer records last year.
Shares in Capital One fell on Thursday when the news was announced. The stock was down -1.73% at the closing bell.
One of the Largest Personal Data Breaches in History
In July 2019, Capital One announced that a hacker had gained access to 140,000 U.S. Social Security numbers, around one million Canadian Social Insurance numbers, and up to 80,000 bank account numbers. Millions of names, addresses, credit limits, credit scores, and account balances were also compromised in the leak.
The hacker was an ex-Amazon Web Services Employee, the same company that had hosted Capital One’s data. While the hacker was arrested and charged, regulators further investigated the bank, finding that it had failed to “establish effective risk assessment processes prior to migrating information technology operations to the public cloud environment.”
Regulators also criticized the bank for failing to respond promptly and correct the deficiencies.
The breach occurred in March of 2019, but the bank didn’t learn about it until July 19. Full details were then released to the public later that month.
Strict Conditions for the Bank Moving Forward
The $80 million fine is only one aspect of the penalties imposed on Capital One. Regulators have also demanded that the bank’s board of directors submit a plan to improve their security protocols and cyber defenses. The bank now has 90 days to comply. In addition, it must submit quarterly progress reports as it implements any new security initiatives.
Although not detailed, analysts assume that there could be further penalties for the bank if it fails to comply with the order, or if its efforts aren’t deemed appropriate or secure.
Fine to Be Paid Directly to the Treasury
The fine doesn’t include any compensation for customers who were affected by the data breach. It will go directly to the United States Treasury.
Capital One reported a net loss of $918 million after the second quarter. The fine and loss of brand confidence will add to its woes as it struggles to generate profits during the Coronavirus Pandemic.
You may be interested
Global Coronavirus Recovery Could Take Years According to World BankAdam R - September 18, 2020
The global recession triggered by the Coronavirus Pandemic could lead to years of recovery. This is the warning given by…
Federal Reserve Maintains Interest Rate in Latest Policy MeetingBecky H - September 17, 2020
The United States Federal Reserve has kept its benchmark interest rate at zero percent after its policy meeting this week.…